DocumentCode :
2412211
Title :
Alerts Analysis and Visualization in Network-based Intrusion Detection Systems
Author :
Yang, Li ; Gasior, Wade ; Katipally, Rajeshwar ; Cui, Xiaohui
Author_Institution :
Dept. of Comput. Sci. & Eng., University of Tennessee at Chattanooga, Chattanooga, TN, USA
fYear :
2010
fDate :
20-22 Aug. 2010
Firstpage :
785
Lastpage :
790
Abstract :
The alerts produced by network-based intrusion detection systems, e.g. Snort, can be difficult for network administrators to efficiently review and respond to due to the enormous number of alerts generated in a short time frame. This work describes how the visualization of raw IDS alert data assists network administrators in understanding the current state of a network and quickens the process of reviewing and responding to intrusion attempts. The project presented in this work consists of three primary components. The first component provides a visual mapping of the network topology that allows the end-user to easily browse clustered alerts. The second component is based on the flocking behavior of birds, in which birds tend to follow other birds with similar behaviors. This component allows the end-user to see the clustering process and provides an efficient means for reviewing alert data. The third component discovers and visualizes patterns of multistage attacks by profiling the attacker's behaviors.
Keywords :
data visualisation; network topology; pattern clustering; security of data; alert analysis; attack visualization; attacker behavior; clustering process; flocking behavior; network administrator; network based intrusion detection system; network topology; visual mapping; Association rules; Data visualization; IP networks; Intrusion detection; Network topology; Visualization; clustering; flocking; intrusion detection; visualization;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Social Computing (SocialCom), 2010 IEEE Second International Conference on
Conference_Location :
Minneapolis, MN
Print_ISBN :
978-1-4244-8439-3
Electronic_ISBN :
978-0-7695-4211-9
Type :
conf
DOI :
10.1109/SocialCom.2010.120
Filename :
5591472